Zimbra Forums

Hi,
Need some help on this:

I have a zimbra with multiple domains (email for multiple domains i.e mail.abc.com, mail.xyz.com, mail.example.com, mail.test.com).
I have installed commercial SSL for all my email domain.
Among multiple email domains my one email domain is not needed and its SSL is also not renewed. lets say mail.test.com is not needed and its ssl is not renewed.
Now issue is with connecting outlook to mail.abc.com and mail.xyz.com with imap 993 and smpt with 587.
While browsing email in web all are working fine and SSL is showed correctly green in browser with respective domain SSL certificate.

But while connecting from outlook and mobile devices for mail.abc.com, mail.xyz.com, mail.example.com I am getting error for ssl as certificate is expired and couldn't connect to email as its taking SSL which is expired one for mail.test.com

My Zimbra version is Zimbra 8.8.12_GA_3794 (build 20190329045002).

Hi,
I use Letsencrypt for multidomain/single server and do not have this issue. However, I believe that you should follow this wiki: https://wiki.zimbra.com/wiki/Multiple_S ... _for_HTTPS

Regards,
Minh.

Hi zimico,

While browsing in web even I do not have issue all are working fine. Issue with connecting from client like outlook.

Provided link not browsed.

Hi there,

Any one to help me?

I have the same problem while using multiple SSL for Multiple Domain (SNI)

Outlook always recoginze 1 SSL Cer for all of domain, such as i have 2 domain configed with mail.abc.com and mail.xyz.com

When config Outlook with email @abc.com, incoming server and outgoing server is mail.abc.com but outlook always show Certificate Notification "The server you are connected is using a security certificate that can not be verified " and when browse this SSL Cert, it points to SSL of mail.xyz.com

Please tell me how to fix it!

use case

on fresh Daffodil you configure 2 vhosts
mail.aaaa.com
mail.bbb.com

then you configure an account w/ tb or outllok on domain mail.bbb.com
but zimbra send always mail.aaaa.com certificate
and tb / outlok complain cert does not belong to mail.bbb.com

workaround: swtch mail.aaa.com and mail.bbb.com on nginx.conf.mail.imaps
this is a bug according to me

vi nginx.conf.mail.imaps


# IMAPS proxy configuration
#


server
{
server_name mail.bbb.com;
#listen 993 ipv6only=off ssl;
listen 993 ssl;
#listen 993 ssl;
protocol imap;
proxy on;
timeout 60;
proxy_timeout 2100;
ssl_certificate /opt/zimbra/conf/domaincerts/mail.bbb.com.crt;
ssl_certificate_key /opt/zimbra/conf/domaincerts/mail.bbb.com.key;
sasl_service_name "imap";
}


server
{
server_name mail.aaaa.com;
#listen 993 ipv6only=off ssl;
listen 993 ssl;
#listen 993 ssl;
protocol imap;
proxy on;
timeout 60;
proxy_timeout 2100;
ssl_certificate /opt/zimbra/conf/domaincerts/mail.aaaa.com.crt;
ssl_certificate_key /opt/zimbra/conf/domaincerts/mail.aaaa.com.key;
sasl_service_name "imap";
}

Could be ZBUG-3125, that is supposed to be fixed in the next patch.
https://wiki.zimbra.com/wiki/Multiple_S ... own_Issues